def get_serializer(self, runner):
return serializers.Context(
serializers.Const(self.adapts),
serializers.Dict(
DNSName=serializers.Context(
serializers.Property("CanonicalHostedZoneName"),
serializers.Expression(lambda r, o: route53._normalize(o)),
),
HostedZoneId=serializers.Property("CanonicalHostedZoneNameID"),
EvaluateTargetHealth=False,
))
class LaunchConfiguration(Resource):
resource_name = "launch_configuration"
name = argument.String(max=255, field="LaunchConfigurationName", update=False)
image = argument.String(max=255, field="ImageId")
key_pair = argument.Resource(KeyPair, field="KeyName")
security_groups = argument.ResourceList(SecurityGroup, field="SecurityGroups")
user_data = argument.Serializer(field="UserData")
instance_type = argument.String(max=255, field="InstanceType")
kernel = argument.String(max=255, field="KernelId")
ramdisk = argument.String(max=255, field="RamdiskId")
# block_devices = argument.Dict(field="BlockDeviceMappings")
instance_monitoring = argument.Boolean(
default=False,
field="InstanceMonitoring",
serializer=serializers.Dict(Enabled=serializers.Identity()),
)
spot_price = argument.String(field="SpotPrice")
instance_profile = argument.Resource(
InstanceProfile,
field="IamInstanceProfile",
serializers=serializers.Property("Arn"),
)
ebs_optimized = argument.Boolean(field="EbsOptimized")
associate_public_ip_address = argument.Boolean(field="AssociatePublicIpAddress")
placement_tenancy = argument.String(
max=64,
choices=[
"default",
"dedicated",
],
field="PlacementTenancy",
)
account = argument.Resource(Account)
def matches(self, runner, remote):
if "UserData" in remote and remote["UserData"]:
import base64
remote["UserData"] = base64.b64decode(remote["UserData"])
return super(LaunchConfiguration, self).matches(runner, remote)
class Listener(Resource):
resource_name = "listener"
protocol = argument.String(field="Protocol")
port = argument.Integer(field="LoadBalancerPort")
instance_protocol = argument.String(field="InstanceProtocol")
instance_port = argument.Integer(field="InstancePort")
ssl_certificate = argument.Resource(
ServerCertificate,
field="SSLCertificiateId",
serializer=serializers.Property("Arn"),
)
def update_object(self):
if self.resource.route_table:
if not self.object.get("RouteTableAssociationId", None):
yield self.generic_action(
"Associate route table",
self.client.associate_route_table,
SubnetId=serializers.Identifier(),
RouteTableId=serializers.Context(
serializers.Argument("route_table"),
serializers.Identifier()),
)
elif self.object['RouteTableId'] != self.runner.get_plan(
self.resource.route_table).resource_id:
yield self.generic_action(
"Replace route table association",
self.client.associate_route_table,
AssociationId=self.object["RouteTableAssociationId"],
RouteTableId=serializers.Context(
serializers.Argument("route_table"),
serializers.Identifier()),
)
elif self.object.get("RouteTableAssociationId", None):
yield self.generic_action(
"Disassociate route table",
self.client.disassociate_route_table,
AssociationId=self.object["RouteTableAssociationId"],
)
naa_changed = False
if not self.resource.network_acl:
return
if not self.object:
naa_changed = True
elif not self.object.get("NetworkAclAssociationId", None):
naa_changed = True
elif self.runner.get_plan(
self.resource.network_acl).resource_id != self.object.get(
'NetworkAclId', None):
naa_changed = True
if naa_changed:
yield self.generic_action(
"Replace Network ACL association",
self.client.replace_network_acl_association,
AssociationId=serializers.Property('NetworkAclAssociationId'),
NetworkAclId=serializers.Context(
serializers.Argument("network_acl"),
serializers.Identifier()),
)
class ViewerCertificate(Resource):
resource_name = "viewer_certificate"
certificate = argument.Resource(
ServerCertificate,
field="IAMCertificateId",
serializer=serializers.Property("ServerCertificateId"),
)
default_certificate = argument.Boolean(
field="CloudFrontDefaultCertificate")
ssl_support_method = argument.String(
default="sni-only",
choices=["sni-only", "vip"],
field="SSLSupportMethod",
)
minimum_protocol_version = argument.String(
default="TLSv1",
choices=["TLSv1", "SSLv3"],
field="MinimumProtocolVersion",
)
class Rule(Resource):
resource_name = "rule"
@property
def dot_ignore(self):
return self.security_group is None
protocol = argument.String(default='tcp',
choices=['tcp', 'udp', 'icmp'],
field="IpProtocol")
port = argument.Integer(min=-1, max=32768)
from_port = argument.Integer(default=lambda r: r.port,
min=-1,
max=32768,
field="FromPort")
to_port = argument.Integer(default=lambda r: r.port,
min=-1,
max=32768,
field="ToPort")
security_group = argument.Resource(
"touchdown.aws.vpc.security_group.SecurityGroup",
field="UserIdGroupPairs",
serializer=serializers.ListOfOne(
serializers.Dict(
UserId=serializers.Property("OwnerId"),
GroupId=serializers.Identifier(),
)),
)
network = argument.IPNetwork(
field="IpRanges",
serializer=serializers.ListOfOne(
serializers.Dict(CidrIp=serializers.String(), )),
)
def matches(self, runner, rule):
sg = None
if self.security_group:
sg = runner.get_plan(self.security_group)
# If the SecurityGroup doesn't exist yet then this rule can't exist
# yet - so we can bail early!
if not sg.resource_id:
return False
if self.protocol != rule['IpProtocol']:
return False
if self.from_port != rule.get('FromPort', None):
return False
if self.to_port != rule.get('ToPort', None):
return False
if sg and sg.object:
for group in rule.get('UserIdGroupPairs', []):
if group['GroupId'] == sg.resource_id and group[
'UserId'] == sg.object['OwnerId']:
return True
if self.network:
for network in rule.get('IpRanges', []):
if network['CidrIp'] == str(self.network):
return True
return False
def __str__(self):
name = super(Rule, self).__str__()
if self.from_port == self.to_port:
ports = "port {}".format(self.from_port)
else:
ports = "ports {} to {}".format(self.from_port, self.to_port)
return "{}: {} {} from {}".format(
name, self.protocol, ports,
self.network if self.network else self.security_group)